OB-WSPES: A Uniform Evaluation System for Obfuscation-based Web Search Privacy

Abstract

Web search queries reveal extensive sensitive information about users’ interests and preferences to the search engines and eavesdroppers. Obfuscation-based private web search solutions automatically generate dummy queries and send the obfuscated queries to the search engine to hide users’ search intentions. Despite many obfuscation methods and tools have been developed, there is no practical system for evaluating their utility performance and the vulnerability against modern privacy attacks. In this article, we propose and develop OB-WSPES, a uniform evaluation system for obfuscation-based web search privacy, which allows researchers to conduct fair analysis and evaluation of existing or newly developed web search privacy protection/attack techniques. Leveraging OB-WSPES, we model the obfuscation activities and systematically implement and evaluate five obfuscation schemes and 10 modern web search attacks on the public AOL dataset. Our results demonstrate that, counter-intuitively, adding more fake queries to a user’s real data does not necessarily yield better privacy. The query utility of obfuscated queries declines with the increasing amount of dummy queries, while the application utility does not. We discuss the experimental results and point out the four important factors that affect the web search privacy and utility. Further, we propose possible directions for future research.